Snippets, lines, and complaints. If you find a solution you are fortunate.

Sunday, December 21, 2014

iPhone security, App Switcher, and Snapshot Cache

In order to provide a smooth and fluid user experience on resource limited hardware IOS on mobile Apple devices takes a "snapshot" of the application's view anytime the application is suspended. This snapshot is then displayed when starting or switching back to the application. This gives the impression that the application starts up much faster than it actually does. This snapshot is also used as the application's thumbnail in the system's App Switcher view.

This is a great feature that we take for granted and rarely notice. It does however present a privacy and security risk. Apps that display private data can leak this data via these snapshots. Then an application, such as iFunBox, can be used to collect the snapshots and gather the leaked data; even non-Jailbroken phones are vulnerable.

This data leaking is preventable be individual applications but many have not secured against this. Some most notable applications that do not protect data are web browsers including Safari and Chrome even when in Private Browsing mode.

You can disable the system's ability to save these snapshots if you have a Jailbroken device. It is simply a matter of replacing the appropriate snapshot folders with a symbolic link to /dev/null.

The snapshots are stored in two different areas. There is a general snapshot folder and a snapshot folder for each application in its data folder.

Many application snapshots are stored in a general location at:

/var/mobile/Library/Caches/Snapshots

The rest are stored on an app by app basis in the application's data folder found at: